logto icon indicating copy to clipboard operation
logto copied to clipboard

Published 20 hours ago verified publisher icon logto-io

fix(schemas): add user tenantId foreign key constraint

Open simeng-li opened this issue 4 months ago • 2 comments

Summary

We have identified a bug where developers can insert cross-tenant users into an organization using the POST /organizations/:id?users API. Previously, there was no constraint to ensure that a user's tenant_id matches the current organization's tenant_id.

To address this issue, we will add a foreign key constraint for the (tenant_id, user_id) in the organization_user_relations table.

Testing

test locally

image

Checklist

  • [ ] .changeset
  • [ ] unit tests
  • [ ] integration tests
  • [ ] necessary TSDoc comments

simeng-li avatar Sep 29 '24 08:09 simeng-li